Managed Mode

How managed mode works through the PAPI API

In managed mode, the SDK routes all requests through the PAPI API at papi.tylerthebuildor.com. This is the recommended mode for most applications.

How It Works

Your App → PAPI SDK → PAPI API → Exchange (Polymarket/Kalshi)
                         │
                    PostgreSQL
                 (auth, cache, creds)

  1. Your app calls the SDK with an API key
  2. The SDK sends the request to the PAPI API
  3. PAPI authenticates your key, retrieves your encrypted exchange credentials, and proxies the request
  4. The response is cached and returned to your app

Authentication Flow

  1. You create an API key at dashboard.tylerthebuildor.com
  2. Your key is hashed (SHA-256) and stored — the raw key is never persisted
  3. On each request, PAPI hashes the provided key and looks up the matching record
  4. If valid, the request proceeds with your stored exchange credentials
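
use papi_sdk::{PapiConfig, PapiClient};

// Build a managed-mode configuration from your PAPI API key.
// `?` propagates a build error, so this runs inside a function that returns Result.
let config = PapiConfig::managed()
    .api_key("papi_sk_live_a1b2c3d4e5f6...")
    .build()?;

// All requests made through this client are routed via the PAPI API.
let client = PapiClient::new(config);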

Credential Storage

Exchange credentials are stored encrypted in PostgreSQL using AES-256-GCM:

  • Credentials are encrypted at the application layer before database writes
  • Each credential set has a unique nonce
  • The encryption key is loaded from the server environment, never exposed to clients
  • You manage credentials through the dashboard or the /account/credentials API endpoints

Caching

Market data responses are cached in PostgreSQL with short TTLs to reduce exchange API load:

Data Type            TTL
Market listings      60 seconds
Individual market    30 seconds
Order book           5 seconds
Account data         Not cached
Trading operations   Not cached

Cache writes happen asynchronously (fire-and-forget) and never block your request.

Rate Limiting

Each API key is rate limited to 60 requests per minute. Rate limit state is tracked per-instance (in-memory), not globally across instances.

Response headers tell you your current usage:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1710000060

When rate limited, you receive a 429 Too Many Requests response:

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Try again in 45 seconds."
  }
}
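
One way a client can act on these headers and the 429 response, as an added example that is not code from the PAPI SDK. The `RateLimit` type, the function names and the 60-second cap are assumptions made here, and the sample values are constructed from the ones shown above.

```rust
use std::collections::HashMap;
use std::time::Duration;

/// State parsed from the three X-RateLimit-* response headers.
#[derive(Debug, PartialEq)]
pub struct RateLimit {
    pub limit: u32,
    pub remaining: u32,
    pub reset_epoch: u64, // Unix seconds, as in the X-RateLimit-Reset sample
}

// Header names are case-insensitive on the wire, so match them that way.
fn header<'a>(headers: &'a HashMap<String, String>, name: &str) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| v.trim())
}

/// Returns None if any header is missing or not a non-negative integer.
pub fn parse_rate_limit(headers: &HashMap<String, String>) -> Option<RateLimit> {
    Some(RateLimit {
        limit: header(headers, "X-RateLimit-Limit")?.parse().ok()?,
        remaining: header(headers, "X-RateLimit-Remaining")?.parse().ok()?,
        reset_epoch: header(headers, "X-RateLimit-Reset")?.parse().ok()?,
    })
}

/// Delay before the next request. A 429 is authoritative: because counters are
/// per-instance, Remaining from an earlier response may not match the instance
/// that answers next. MAX_WAIT (assumption: one 60 s window) bounds the delay
/// so a malformed or far-future Reset value cannot stall the caller.
pub fn wait_before_next(status: u16, rl: Option<&RateLimit>, now_epoch: u64) -> Duration {
    const MAX_WAIT: u64 = 60;
    let until_reset = |r: &RateLimit| r.reset_epoch.saturating_sub(now_epoch).clamp(1, MAX_WAIT);
    match (status, rl) {
        (429, Some(r)) => Duration::from_secs(until_reset(r)),
        (429, None) => Duration::from_secs(MAX_WAIT),
        (_, Some(r)) if r.remaining == 0 => Duration::from_secs(until_reset(r)),
        _ => Duration::ZERO,
    }
}

fn main() {
    // Constructed sample: header values from the page, Remaining set to 0.
    let headers: HashMap<String, String> = [
        ("x-ratelimit-limit", "60"), ("x-ratelimit-remaining", "0"), ("x-ratelimit-reset", "1710000060"),
    ].iter().map(|(k, v)| (k.to_string(), v.to_string())).collect();
    let rl = parse_rate_limit(&headers);
    println!("{:?}", wait_before_next(429, rl.as_ref(), 1_710_000_015));
}
```
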

Benefits

  • No credential management — Exchange keys stored encrypted server-side
  • Built-in caching — Reduces exchange API calls and improves latency for repeated queries
  • Rate limit protection — Prevents accidental exchange API abuse
  • Unified auth — One PAPI key works across all exchanges
  • Zero exchange setup — No need to handle exchange-specific auth flows in your app
